An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
Ovidentia Content Management System (CMS) is vulnerable to SQL injection (SQLi) due to insufficient sanitization of the `id` parameter. An authenticated attacker could exploit this issue in order to execute SQL commands to extract, modify and delete information from the database.